Reverse EFS Lens firmware

Started by leegong, November 15, 2017, 02:27:11 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

leegong

Lens firmware of EF-S 55-250 and EF-S 40 f2.8 are downloadable on Canon offical site ,
with great help from a1ex , i tried to analyze 55-250 firmware , but no progress ,
the BIN seems to be encrypted or i was wrong somewhere.
Now start to analyze Lens firmware of Sigma 24-105mm f4.0 .

leegong

On mainboard of Sigma 24-105 f4.0 EF lens , there is a MCU marked "EIS 944A" ,
Does anybody have more info of this MCU ?

leegong

Just get disassembly of Sigma 35mm F1.4 F-mount lens firmware successfully .
Todo :
1:Analyze firmware to understande how focus motor is driven .
2:Try to find datasheet of MCU EIS944A . then disassembly Sigma EF-mount firmware .

leegong

Just get disassembly of Sigma 35mm F1.4 EF-mount lens firmware successfully ,
lots of EF lens protocol CMDs are found in the firmware , start analyzing !!!

g3gg0

really a great idea :)
keep us informed

which CPU MCU is it?
Help us with datasheets - Help us with register dumps
magic lantern: 1Magic9991E1eWbGvrsx186GovYCXFbppY, server expenses: [email protected]
ONLY donate for things we have done, not for things you expect!

Indy

Hi,

Did you try measuring entropy on it?
Could you please dump of first 0x40 bytes in hex + ascii?

Indy

Quote from: leegong on November 15, 2017, 02:27:11 AM
Lens firmware of EF-S 55-250 and EF-S 40 f2.8 are downloadable on Canon offical site ,
with great help from a1ex , i tried to analyze 55-250 firmware , but no progress ,
the BIN seems to be encrypted or i was wrong somewhere.
Now start to analyze Lens firmware of Sigma 24-105mm f4.0 .

a1ex

I don't think they are encrypted, just no human-readable strings or other things that could make sense.

@Indy: please find your dump_srec.py updated to parse *.lfu files.

0x40 byte headers:

EF012200.lfu:
00000000: 00 2c 00 00 4c 01 f0 02 00 00 00 00 00 00 00 00  .,..L...........
00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00000020: 00 00 00 00 00 00 02 00 00 00 00 01 00 91 02 14  ................
00000030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................

L_00000000-EF012200-24105.bin:
00000000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
00000020: ff 56 87 00 00 7c 00 00 7f 0e 00 00 00 00 00 00  .V...|..........
00000030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................


Entropy (binwalk):


dfort

Slightly off-topic but I just found out that there are firmware updates for some EF-M lenses that were released March 1, 2018 to support the "Dual Sensing IS" function on the EOS M50. The EF-M 15-45mm f/3.5-6.3 IS STM, EF-M 18-150mm f/3.5-6.3 IS STM and EF-M 55-200mm f/4.5-6.3 IS STM lenses got the firmware update.

Interesting that on the Canon U.S.A. website the 15-45mm has both the 3.0.1 and 2.0.0 firmware updaters, usually only the latest updater is available. In addition, the Driver/Software Details shows this obvious error:

QuoteIf the lens firmware is already the latest version (EF-M 55-200mm f/4.5-6.3 IS STM: Version 2.0.0), it is not necessary to update the firmware.

This is for the 15-45mm lens!

In any case, here is an opportunity if anyone wants to dive into some EF-M lens firmware.